Home > Vulnerability Database > CVE-2024-7760

Mend.io Vulnerability Database

CVE-2024-7760

Good to know:

Date: March 20, 2025

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write.

Severity Score

7.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-7760

Url: https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229

Url: https://github.com/aimhubio/aim

Url: https://www.mend.io/vulnerability-database/CVE-2024-7760

Severity Score

7.4

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version https://github.com/aimhubio/aim.git - null

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-7760

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?